Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-3414: Cross-site Scripting in WordPress

CWE-79: Cross-site Scripting | 10 documents | 6 sources
Severity
10.0 CRITICAL NVD
NVD 4.3 | OSV 4.3
EPSS
6.3%
top 9.06%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: Jul 19
Latest update: May 17

Description

Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (5 packages)

debian | debian/wordpress | < wordpress 3.5.1+dfsg-1 (bookworm) | +1
Debian | wordpress/wordpress | < 3.3.2+dfsg-1 | +7
NVD | wordpress/wordpress | 3.3.1 | +80

🔴 Vulnerability Details (4)

GHSA | GHSA-89mv-5c9h-c8f7: Cross-site scripting (XSS) vulnerability in swfupload | 2022-05-17
GHSA | GHSA-m6ch-qxrg-ggw6: Cross-site scripting (XSS) vulnerability in swfupload | 2022-05-17
OSV | CVE-2012-3414: Cross-site scripting (XSS) vulnerability in swfupload | 2013-07-19
OSV | CVE-2012-2399: Cross-site scripting (XSS) vulnerability in swfupload | 2012-04-21

💥 Exploits & PoCs (1)

Exploit-DB | SWFupload - 'movieName' Cross-Site Scripting | 2012-06-29

📋 Vendor Advisories (2)

Debian | CVE-2012-3414: wordpress - Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 a... | 2012
Debian | CVE-2012-2399: wordpress - Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload 2.2.0.1 a... | 2012